Received: by mail.netbsd.org (Postfix, from userid 605)
	id 5F60C84DF3; Mon,  7 May 2018 07:13:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id DD5F484DEB
	for <pkgsrc-changes@NetBSD.org>; Mon,  7 May 2018 07:13:29 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id HVO_xPsPcX_k for <pkgsrc-changes@netbsd.org>;
	Mon,  7 May 2018 07:13:29 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 1140884DAF
	for <pkgsrc-changes@NetBSD.org>; Mon,  7 May 2018 07:13:29 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 02105FBEC; Mon,  7 May 2018 07:13:29 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1525677208167570"
MIME-Version: 1.0
Date: Mon, 7 May 2018 07:13:28 +0000
From: "Havard Eidnes" <he@netbsd.org>
Subject: CVS commit: pkgsrc/net/unbound
To: pkgsrc-changes@NetBSD.org
Reply-To: he@netbsd.org
X-Mailer: log_accum
Message-Id: <20180507071329.02105FBEC@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1525677208167570
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	he
Date:		Mon May  7 07:13:28 UTC 2018

Modified Files:
	pkgsrc/net/unbound: Makefile distinfo
	pkgsrc/net/unbound/patches: patch-configure

Log Message:
Upgrade unbound to version 1.7.1.

Upstream changes:

Features
- Add --with-libhiredis, unbound support for a new cachedb
  backend that uses a Redis server as the storage.  This
  implementation depends on the hiredis client library
  (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).
- Create additional tls service interfaces by opening them on other
  portnumbers and listing the portnumbers as additional-tls-port: nr.
- ED448 support.
- num.query.authzone.up and num.query.authzone.down statistics counters.
- Accept both option names with and without colon for get_option
  and set_option.
- low-rtt and low-rtt-pct in unbound.conf enable the server selection
  of fast servers for some percentage of the time.
- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
  statistics counters.
- allow-notify: config statement for auth-zones.
- Can set tls authentication with forward-addr: IP#tls.auth.name
  And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
  such as forward-addr: 9.9.9.9@853#dns.quad9.net or
  1.1.1.1@853#cloudflare-dns.com
- list_auth_zones unbound-control command.
- Added root-key-sentinel support

Bug Fixes
- Fix #3727: Protocol name is TLS, options have been renamed but
  documentation is not consistent.
- Check IXFR start serial.
- Fix typo in documentation.
- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
  flushed with serve-expired on.
- Fix #3817: core dump happens in libunbound delete, when queued
  servfail hits deleted message queue.
- corrected a minor typo in the changelog.
- move htobe64/be64toh portability code to cachedb.c.
- iana port update.
- Do not use cached NSEC records to generate negative answers for
  domains under DNSSEC Negative Trust Anchors.
- Fix unbound-control get_option aggressive-nsec
- Check "result" in dup_all(), by Florian Obser.
- Fix #4043: make test fails due to v6 presentation issue in macOS.
- Fix unable to resolve after new WLAN connection, due to auth-zone
  failing with a forwarder set.  Now, auth-zone is only used for
  answers (not referrals) when a forwarder is set.
- Combine write of tcp length and tcp query for dns over tls.
- nitpick fixes in example.conf.
- Fix above stub queries for type NS and useless delegation point.
- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
  tls_choose_sigalg routine does not allow the ciphers for the pipe,
  so use TLSv1.2.
- Fix that flush_zone sets prefetch ttl expired, so that with
  serve-expired enabled it'll start prefetching those entries.
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.
- Fix for max include depth for authzones.
- Fix memory free on fail for $INCLUDE in authzone.
- Fix that an internal error to look up the wrong rr type for
  auth zone gets stopped, before trying to send there.
- Fix auth zone target lookup iterator.
- Fix auth-zone retry timer to be on schedule with retry timeout,
  with backoff.  Also time a refresh at the zone expiry.
- Fix #658: unbound using TLS in a forwarding configuration does not
  verify the server's certificate (RFC 8310 support).
- For addr with #authname and no @port notation, the default is 853.
- man page documentation for dns-over-tls forward-addr '#' notation.
- removed free from failed parse case.
- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
  with the previous contents.
- Delete auth zone when removed from config.
- makedist uses bz2 for expat code, instead of tar.gz.
- Fix #4092: libunbound: use-caps-for-id lacks colon in
  config_set_option.
- auth zone http download stores exact copy of downloaded file,
  including comments in the file.
- Fix sldns parse failure for CDS alternate delete syntax empty hex.
- Attempt for auth zone fix; add of callback in mesh gets from
  callback does not skip callback of result.
- Fix cname classification with qname minimisation enabled.
- Fix contrib/fastrpz.patch for this release.
- Fix auth https for libev.
- Fix memory leak when caching wildcard records for aggressive NSEC use
- Fix for crash in daemon_cleanup with dnstap during reload,
  from Saksham Manchanda.
- Also that for dnscrypt.


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.40 -r1.41 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/unbound/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1525677208167570
Content-Disposition: inline
Content-Length: 2544
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/unbound/Makefile
diff -u pkgsrc/net/unbound/Makefile:1.54 pkgsrc/net/unbound/Makefile:1.55
--- pkgsrc/net/unbound/Makefile:1.54	Thu Mar 15 10:22:49 2018
+++ pkgsrc/net/unbound/Makefile	Mon May  7 07:13:28 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $
+# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $
 
-DISTNAME=	unbound-1.7.0
+DISTNAME=	unbound-1.7.1
 CATEGORIES=	net
 MASTER_SITES=	http://www.unbound.net/downloads/
 

Index: pkgsrc/net/unbound/distinfo
diff -u pkgsrc/net/unbound/distinfo:1.40 pkgsrc/net/unbound/distinfo:1.41
--- pkgsrc/net/unbound/distinfo:1.40	Thu Mar 15 10:22:49 2018
+++ pkgsrc/net/unbound/distinfo	Mon May  7 07:13:28 2018
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.40 2018/03/15 10:22:49 he Exp $
+$NetBSD: distinfo,v 1.41 2018/05/07 07:13:28 he Exp $
 
-SHA1 (unbound-1.7.0.tar.gz) = d90b09315c75ad2843b868785b3d12a2c4f27b28
-RMD160 (unbound-1.7.0.tar.gz) = abc59d2b8b52bab5784fe56ccb8b7ed10e8830fe
-SHA512 (unbound-1.7.0.tar.gz) = 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9
-Size (unbound-1.7.0.tar.gz) = 5538228 bytes
-SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb
+SHA1 (unbound-1.7.1.tar.gz) = b853b746fa1f89ecce160850ab163ef78f67eea5
+RMD160 (unbound-1.7.1.tar.gz) = fd9ee1d94d475a84997d16e2e939c661d297fa6b
+SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
+Size (unbound-1.7.1.tar.gz) = 5565938 bytes
+SHA1 (patch-configure) = 769ad52b9ab93bc8e48d2ffe8fef5b4b61070eba

Index: pkgsrc/net/unbound/patches/patch-configure
diff -u pkgsrc/net/unbound/patches/patch-configure:1.1 pkgsrc/net/unbound/patches/patch-configure:1.2
--- pkgsrc/net/unbound/patches/patch-configure:1.1	Sun Jul  9 08:09:41 2017
+++ pkgsrc/net/unbound/patches/patch-configure	Mon May  7 07:13:28 2018
@@ -1,11 +1,11 @@
-$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
+$NetBSD: patch-configure,v 1.2 2018/05/07 07:13:28 he Exp $
 
 Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
 be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
 
 --- configure.orig	2017-07-09 07:41:42.000000000 +0000
 +++ configure
-@@ -18563,7 +18563,7 @@ fi
+@@ -18815,7 +18815,7 @@ fi
  
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
  $as_echo_n "checking for libexpat... " >&6; }


--_----------=_1525677208167570--